Bug 710312

I can not check whether there is some changes into v1.3.20.
https://packages.debian.org/sid/logcheck

chmod 1777 /var/lock 
does not solved : i keep getting the alertes from Cron.

ls -ldZ /var/lock /run /run/lock /run/lock/
drwxr-xr-x. 17 root root system_u:object_r:var_run_t  740 21 févr. 11:15 /run
drwxrwxrwt.  3 root uucp system_u:object_r:var_lock_t  60 21 févr. 10:27 /run/lock
drwxrwxrwt.  3 root uucp system_u:object_r:var_lock_t  60 21 févr. 10:27 /run/lock/
lrwxrwxrwx.  1 root root system_u:object_r:var_lock_t   9 13 juin   2018 /var/lock -> /run/lock

Subject: Cron <logcheck@localhost> if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck ; fi
mkdir: cannot create directory ‘/run/lock/logcheck’: Permission denied

Subject: Cron <root@localhost> run-parts /etc/cron.hourly
mkdir: cannot create directory ‘/var/lock/logcheck’: Permission denied
run-parts: /etc/cron.hourly/logcheck.cron exited with return code 1

I got also a another alerte :

From: added by portage for logcheck <logcheck@localhost>
Subject: Logcheck: localhost 2020-02-21 15:02 +0100 exiting due to errors

Warning: If you are seeing this message, your log files may not have been
checked!

Details:
Could not run logtail or save output

Check temporary directory: /tmp/logcheck.jlAm3G

Also verify that the logcheck user can read all files referenced in
/etc/logcheck/logcheck.logfiles!

declare -x HOME="/tmp"
declare -x LANG="fr_FR.utf8"
declare -x LC_COLLATE="C"
declare -x LC_MESSAGES="en_US.UTF-8"
declare -x LOGNAME="logcheck"
declare -x MAILTO="root"
declare -x OLDPWD
declare -x PATH="/sbin:/bin:/usr/sbin:/usr/bin"
declare -x PWD="/tmp"
declare -x SHELL="/bin/sh"
declare -x SHLVL="2"
declare -x USER="logcheck"

cat /etc/logcheck/logcheck.logfiles

/var/log/auth.log
/var/log/messages
/var/log/cron.log
/var/log/daemon.log
/var/log/debug.log
/var/log/kern.log
/var/log/user.log

-rw-r-----. 1 root logcheck system_u:object_r:var_log_t       17468 21 févr. 15:02 /var/log/auth.log
-rw-r-----. 1 root logcheck system_u:object_r:cron_log_t     283639 21 févr. 15:41 /var/log/cron.log
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t       35544 21 févr. 15:33 /var/log/daemon.log
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t       36094 21 févr. 10:27 /var/log/debug.log
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t      446565 21 févr. 14:41 /var/log/kern.log
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t  1346819591 21 févr. 15:41 /var/log/messages
-rw-r-----. 1 root logcheck system_u:object_r:var_log_t       33352 21 févr. 14:41 /var/log/user.log

cat /var/log/cron.log |egrep 'Permission denied'
(CRON) This directory or file can't be watched (/var/spool/cron/crontabs): Permission denied
(CRON) This directory or file can't be watched (/etc/cron.d): Permission denied
(CRON) This directory or file can't be watched (/etc/crontab): Permission denied

drwxr-xr-x. 1 root root    system_u:object_r:system_cron_spool_t 144 30 janv. 18:42 /etc/cron.d
-rw-r--r--. 1 root root    system_u:object_r:system_cron_spool_t 476 12 nov.  15:14 /etc/crontab
drwx-wx--T. 1 root crontab system_u:object_r:cron_spool_t         52 12 nov.  15:14 /var/spool/cron/crontabs

su -s /bin/bash -c "/usr/sbin/logcheck -d" logcheck
D: [1582297218] Turning debug mode on
D: [1582297218] Sourcing - /etc/logcheck/logcheck.conf
D: [1582297218] Finished getopts c:dhH:l:L:m:opr:RsS:tTuvw
D: [1582297218] Trying to get lockfile: /run/lock/logcheck/logcheck.lock
D: [1582297218] Running lockfile-touch /run/lock/logcheck/logcheck.lock
D: [1582297218] cleanrules: /etc/logcheck/cracking.d/kernel
D: [1582297218] cleanrules: /etc/logcheck/cracking.d/rlogind
D: [1582297218] cleanrules: /etc/logcheck/cracking.d/rsh
D: [1582297218] cleanrules: /etc/logcheck/cracking.d/smartd
D: [1582297218] cleanrules: /etc/logcheck/cracking.d/tftpd
D: [1582297218] cleanrules: /etc/logcheck/cracking.d/uucico
D: [1582297218] cleanrules: /etc/logcheck/violations.d/kernel
D: [1582297218] cleanrules: /etc/logcheck/violations.d/logcheck
D: [1582297218] cleanrules: /etc/logcheck/violations.d/smartd
D: [1582297218] cleanrules: /etc/logcheck/violations.d/su
D: [1582297218] cleanrules: /etc/logcheck/violations.d/sudo
D: [1582297218] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-su
D: [1582297218] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-sudo
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/acpid
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/amandad
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/amavisd-new
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/anacron
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/anon-proxy
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/apache
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/apcupsd
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/arpwatch
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/asterisk
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/automount
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/bind
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/bluez-utils
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/courier
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/cpqarrayd
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/cpufreqd
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/cron
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/cron-apt
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/cups-lpd
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/cvs-pserver
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/cvsd
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/cyrus
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/dcc
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/ddclient
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/dhclient
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/dhcp
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/dictd
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/dkfilter
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/dnsmasq
D: [1582297218] cleanrules: /etc/logcheck/ignore.d.server/dovecot
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/dropbear
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/dspam
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/epmd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/exim4
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/fcron
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/ftpd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/git-daemon
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/gnu-imap4d
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/gps
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/grinch
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/horde3
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/hplip
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/hylafax
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/ikiwiki
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/imap
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/imapproxy
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/imp
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/imp4
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/innd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/ipppd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/isdnlog
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/isdnutils
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/jabberd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/kernel
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/klogind
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/krb5-kdc
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/libpam-krb5
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/libpam-mount
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/logcheck
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/login
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/maradns
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/mldonkey-server
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/mon
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/mountd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/nagios
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/netconsole
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/nfs
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/nntpcache
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/nscd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/nslcd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/openvpn
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/otrs
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/passwd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/pdns
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/perdition
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/policyd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/popa3d
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/postfix
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/postfix-policyd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/ppp
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/pptpd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/procmail
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/proftpd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/pure-ftpd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/pureftp
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/qpopper
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/rbldnsd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/rpc_statd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/rsnapshot
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/rsync
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/sa-exim
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/samba
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/saned
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/sasl2-bin
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/saslauthd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/schroot
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/scponly
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/slapd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/smartd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/smbd_audit
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/smokeping
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/snmpd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/snort
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/spamc
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/spamd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/squid
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/ssh
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/stunnel
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/su
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/sudo
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/sympa
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/syslogd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/systemd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/systemd-timesyncd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/teapop
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/telnetd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/tftpd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/thy
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/ucd-snmp
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/upsd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/uptimed
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/userv
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/vsftpd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/watchdog
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/wu-ftpd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.server/xinetd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/bind
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/cron
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/incron
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/logcheck
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/postfix
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/ppp
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/pureftp
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/qpopper
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/squid
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/ssh
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/stunnel
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/sysklogd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/telnetd
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/tripwire
D: [1582297219] cleanrules: /etc/logcheck/ignore.d.paranoid/usb
D: [1582297219] logoutput called with file: /var/log/auth.log
D: [1582297219] Running /usr/sbin/logtail2 on /var/log/auth.log
D: [1582297219] logoutput called with file: /var/log/messages
D: [1582297219] Running /usr/sbin/logtail2 on /var/log/messages
D: [1582297245] logoutput called with file: /var/log/cron.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/cron.log
D: [1582297245] logoutput called with file: /var/log/daemon.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/daemon.log
D: [1582297245] logoutput called with file: /var/log/debug.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/debug.log
D: [1582297245] logoutput called with file: /var/log/kern.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/kern.log
D: [1582297245] logoutput called with file: /var/log/user.log
D: [1582297245] Running /usr/sbin/logtail2 on /var/log/user.log
D: [1582297245] Sorting logs
D: [1582297283] Setting the Intro
D: [1582297283] Checking for security alerts
D: [1582297283] greplogoutput: kernel
D: [1582297284] greplogoutput: rlogind
D: [1582297285] greplogoutput: rsh
D: [1582297286] greplogoutput: smartd
D: [1582297287] greplogoutput: tftpd
D: [1582297288] greplogoutput: uucico
D: [1582297289] greplogoutput: returning 1
D: [1582297289] Checking for security events
D: [1582297289] greplogoutput: kernel
D: [1582297290] greplogoutput: logcheck
D: [1582297290] greplogoutput: smartd
D: [1582297290] greplogoutput: su
D: [1582297290] greplogoutput: Entries in checked
D: [1582297290] cleanchecked - file: /tmp/logcheck.EcXEoe/violations-ignore/logcheck-su
D: [1582297291] greplogoutput: sudo
D: [1582297291] greplogoutput: Entries in checked
D: [1582297291] cleanchecked - file: /tmp/logcheck.EcXEoe/violations-ignore/logcheck-sudo
D: [1582297291] report: cat'ing - Security Events for sudo
D: [1582297291] greplogoutput: returning 0
D: [1582297291] Checking for system events
D: [1582297292] cleanchecked - dir - /tmp/logcheck.EcXEoe/ignore
D: [1582297292] cleanchecked - dir - /tmp/logcheck.EcXEoe/ignore/acpid
cat: write error: No space left on device
D: [1582297292] error: Killing lockfile-touch - 25887
D: [1582297292] error: Removing lockfile: /run/lock/logcheck/logcheck.lock
D: [1582297292] Error: Could not output to TMPDIR/checked.1.
/usr/sbin/logcheck: line 164: cannot create temp file for here-document: No space left on device
D: [1582297292] cleanup: Removing - /tmp/logcheck.EcXEoe

FILESYSTEM             (=) USED      FREE (-)  %USED AVAILABLE  TOTAL MOUNTED ON
devtmpfs               [--------------------]   0,0%     10,0M  10,0M /dev
tmpfs                  [=-------------------]   1,0%      7,7G   7,8G /dev/shm
tmpfs                  [=-------------------]   0,0%      7,8G   7,8G /run
/dev/mapper/gnu-rootfs [=======-------------]  33,6%    303,8G 457,8G /
cgroup_root            [--------------------]   0,0%     10,0M  10,0M /sys/fs/cgroup
/dev/mapper/gnu-rootfs [=======-------------]  33,6%    303,8G 457,8G /home
/dev/mapper/gnu-rootfs [=======-------------]  33,6%    303,8G 457,8G /boot
/dev/mapper/gnu-rootfs [=======-------------]  33,6%    303,8G 457,8G /opt
/dev/mapper/gnu-rootfs [=======-------------]  33,6%    303,8G 457,8G /var
/dev/mapper/gnu-rootfs [=======-------------]  33,6%    303,8G 457,8G /var/log
/dev/mapper/gnu-rootfs [=======-------------]  33,6%    303,8G 457,8G /var/tmp
tmpfs                  [=-------------------]   0,0%      4,0G   4,0G /tmp
none                   [=-------------------]   0,0%      7,8G   7,8G /run/user/1000

Changelog : 
https://metadata.ftp-master.debian.org/changelogs//main/l/logcheck/logcheck_1.3.20_changelog

It seems that hhere is no changes into v1.3.20 that could correct with the Gentoo version 1.3.18-r1.

I've solved some alertes with SELinux :

allow system_cronjob_t var_lock_t:dir create;
allow system_cronjob_t var_lib_t:file { read write open };
allow system_cronjob_t var_lock_t:dir setattr;
allow system_cronjob_t self:cap_userns sys_ptrace;
allow system_cronjob_t self:capability sys_ptrace;

But, it seems that  this one has nothing with SELinux :

From: "(Cron Daemon)" <logcheck@localhost>
Subject: Cron <logcheck@localhost> if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
mkdir: cannot create directory ‘/run/lock/logcheck’: Permission denied


ll /var/lock/
drwxr-xr-x. 2 logcheck logcheck 40 27 févr. 12:02 logcheck
drwx------. 2 root     root     40 27 févr. 10:34 lvm

ll /var/lock/ -dZ
drwxrwxr-x. 4 root uucp system_u:object_r:var_lock_t 80 27 févr. 11:01 /var/lock/

ll /var/lock
lrwxrwxrwx. 1 root root 9 13 juin   2018 /var/lock -> /run/lock

ll /run/lock/ -dZ
drwxrwxr-x. 4 root uucp system_u:object_r:var_lock_t 80 27 févr. 11:01 /run/lock/


/run is mounted in tmpfs filsystem.